Does Secure Erase Actually Work?

Chris A. Ciufo, Editor, Embedded Systems Engineering

In this Part 2 of 2, I examine the subject of using the flash manufacturer’s secure erase feature—since so many DoD documents recommend it.

In Part 1 of this blog (“How Does One “Zeroize” Flash Devices?”), I set about finding DoD recommendations for “zeroizing” (or “sanitizing”) sensitive data from flash memory, including flash-based solid state disks (SSDs). Many of the government’s recommendations rely on the flash manufacturer’s Secure Erase command which is allegedly based upon the ATA’s recommendations of the same name. Yet research has been done that calls into question either how well this command works or how well manufacturers are implementing it in their devices. Either way, if the DoD allows a “self-policing” policy to protect sensitive data, I have concerns that the data isn’t safely locked up.

Note, unless otherwise specified by context, I use the terms “flash”, “flash memory” and “solid state disks” or “SSDs” interchangeably since the results are similar.  SSDs are made up of flash memory plus control, wear and sometimes encryption logic.

Many of the government’s recommendations rely on the flash manufacturer’s Secure Erase command, which is allegedly based upon the ATA’s recommendations of the same name. Yet research has been done that calls into question either how well this command works or how well manufacturers are implementing it in their devices. Either way, if the DoD allows a “self-policing” policy to protect sensitive data, I have concerns that the data isn’t safely locked up.

Flash in Freefall

In 2010 MLC flash memory hit stride and became cheap and ubiquitous, making security an issue. According to data tracked by John C. McCallum, in 2004 the price per MB of flash ($/MB) was around $0.22; it dropped to $0.01 in 2006 and then hit ~$0.002 in 2009. That is: it dropped about 20x from 2004 to 2006 and another order of magnitude in the next 2-3 years. By 2010, flash moved from expensive boot memory and cheesy 128MB freebie USB sticks to a credible high-density media that would challenge mechanical (rotating media) HDDs.

Computer-ready SSDs arrived on the scene around this time. They were crazy fast, moderately dense, but way more expensive than hard disks of the same size. The speed made them compelling. And it became obvious that important data could be stored on SSDs, but data security would eventually become important. As well, flash stores data differently than magnetic drives and requires a built-in wear-leveling algorithm to assure even “wear out” across internal memory blocks. These issues taken together catalyzed the industry to make recommendations for securely erasing devices to assure data was really gone when a file was deleted.

Industry Recommendations

Let’s start with the recommendations made by industry presented at the Flash Memory Summit in 2010, about the time flash was gaining serious traction. As presented by Jack Winters, CTO of Foremay, numerous industries—including defense—needed a way to securely erase sensitive data stored in SSDs and flash memories. It is not acceptable to delete or reformat an SSD because the data would remain intact. The only way to successfully erase is to “overwrite all user data in allocated blocks, file tables and…in reallocated defective blocks,” said Mr. Winters at the time. Figure 1 represents a summary of the three types of ATA Secure Erase methods.

Figure 1: Secure Erase (SE) Method Summary, each offering pros and cons. (Courtesy: Flash Memory Summit, 2010; presented by Jack Winters of rugged SSD supplier Foremay.)

Figure 1: Secure Erase (SE) Method Summary, each offering pros and cons. (Courtesy: Flash Memory Summit, 2010; presented by Jack Winters of rugged SSD supplier Foremay.)

Type 1 software-based SE requires a user’s input via keyboard and utilizes a combination of SE command processor, flash bus controller, (ATA) host interface and the device’s sanitize command. The device’s bad block table is erased, rendering the device (or the entire SSD using the flash components) useless for reuse. Type II is a hybrid of software and hardware kicked off by an external line such as GPIO, but logic erases the device(s) to allow flash reuse once the drive is reformatted. For defense customers, it’s unclear to me if Type 1 or Type II is better—the point is to sanitize the data. Reusing the drive, no matter how expensive the drive, is of secondary concern.

Finally, Mr. Winters points out that Type III SE kicks off via external GPIO but involves a high voltage generator along with the controller to destroy the NAND flash transistors within seconds. The drive is not useable—ever—after a “purge”; it’s completely ruined. Note that this kind of erasure isn’t mentioned in the NSA’s “mechanical pulverization” sanitization procedures, and it’s unclear if Type III would meet the NSA’s guidelines for data removal.

These recommended SE procedures for flash made me wonder if the techniques applied to rotating HDDs would also work on SSDs, or if some users might think they are effective at securely sanitizing sensitive data stored on SSDs. After all, if the DoD/NSA recommendations are ambiguous…might users be misapplying them?

Refereed Research: Reliably Erasing SSDs?

An oft-sited refereed paper on the subject of SE appeared in 2011 “Reliably Erasing Data From Flash-Based Solid State Drives”, written by Michael Wei et al. (Note: the 30-minute video of his paper can be found here.) Mr. Wei’s team at UCSD reached three key conclusions:

  • Built-in SE commands are effective…but manufacturers sometimes implement them incorrectly (my emphasis).
  • Overwriting twice is usually, but not always, sufficient.
  • None of the existing HDD techniques for individual file sanitization are effective on SSDs.

This latter point is important: SSDs store data differently than HDDs and therefore require flash-based SE procedures, like the ones described above. According to Wei “the ATA and SCSI command sets [for HDDs] include “secure erase” commands that should sanitize an entire [HDD] disk.” But they don’t work on SSDs. SSDs direct data to raw flash data locations using a logical block address, sort of like a look-up table called the Flash Translation Layer (FTL). This is done for a variety of reasons, from improving speed and wear-out endurance, to “hiding the flash memory’s idiosyncratic interface,” says Wei.

Wei and his colleagues investigated the ATA sanitization commands, software techniques to sanitize drives, and common software to securely erase individual files. Researchers dug deeply into the memories using forensic techniques—which is not unlike what a determined adversary might do when trying to extract classified data from a recovered DoD or military SSD.

Cutting to the chase for the sake of brevity, Wei discovered that trying to sanitize individual files “consistently fail[s]” to remove data. As well, software sanitizing techniques—not built into the drives—are usually successful at the entire drive level, but the overwrite pattern may provide clues to the data or “may impact the effectiveness of overwriting.”

In fact, one of my colleagues from Mercury Computer’s Secure Memory Group (formerly Microsemi) told me that knowing the nature of the original data set provides some clues about that data merely by examining the overwrite patterns. It’s third-order deeply technical stuff, but it all points to the need for built-in flash SE circuitry and algorithms.

Another key point from Wei and his colleagues is that retrieving non- or poorly-sanitized data from SSDs is “relatively easy,” and can be done using tools and disassembly costing under $1,000 (in 2011). Comparable tools to recover erased files from rotating media HDDs was over $250,000. This points to the need for proper SE on SSDs.

Doing It Wrong…and Write

For SSDs, SE is based on the ATA Security “Erase Unit” (ATA-3) command originally written for HDDs in 1995 that “erases all user-accessible areas on the drive” by writing 1’s or 0’s into locations. There is also an Enhanced Erase Unit command that allows the flash vendor to write the best pattern onto the flash devices (and hence the overall SSD) that will render the device or drive “sanitized.” Neither of these commands specifically writes to non-user accessible locations, even though flash devices (and hence SSDs) may contain up to 20 to 50 percent more logic cells for storage, speed, and write endurance purposes. Finally, some drives contain a block erase command that performs sanitizing including non-user accessible locations.

Wei et al’s 2011 data is shown in Figure 2. Clearly, this data is now five years old and the reader needs to keep that in mind. The disturbing trend at the time of the research was that of 12 drives tested, 7 didn’t implement the Enhanced SE function, only one self-encrypted the data (which is a good thing), 3 drives executed SE, but data actually remained on the drive. And drive B reported a successful SE but Wei found that “all the data remained intact” (Wei’s emphasis, not mine).

Figure 2: Data reported by Wei et al in “Reliably Erasing Data From Flash-Based Solid State Drives”, 2011. This refereed white paper is often sited when discussing the challenges of sanitizing flash memory and flash-based SSDs.

Figure 2: Data reported by Wei et al in “Reliably Erasing Data From Flash-Based Solid State Drives”, 2011. This refereed white paper is often sited when discussing the challenges of sanitizing flash memory and flash-based SSDs.

Recommendations for Sanitizing

The results shown in Figure 2 prompt the following recommendation from the researchers:

The wide variance among the drives leads us to conclude that each implementation of the security commands must be individually tested before it can be trusted to properly sanitize the drive.

Since these results were published in 2011, the industry has seen many changes as flash memory (and SSD density) increase while prices have fallen. Today, drive manufacturers are cognizant of the need for SE and companies like Kingston even reference Wei et al’s paper, clearly telling their users that the SE commands implemented by the drives must be verified. Kingston states “Kingston SSDNow drives support the ATA Security Command for proper data sanitization and destruction.”

My opinion, after reading piles of data on this topic, is exactly what Wei recommended in 2011: users with sensitive data wishing to sanitize a drive can rely on the ATA Secure Erase command—as long as it’s correctly implemented. To me that means users should test their chosen drive(s) to do their own verification that data is actually gone. When you find a vendor that meets your needs, put their drive under Source Control Drawing and Revision Control and stick with your Approved Vendor List. Buying a different drive might leave your data open to anyone’s interpretation.

Technology, Philosophy, and Kitty Litter: An Interview with VITA’s Ray Alderman

By: Chris A. Ciufo, Editor, Embedded Systems Engineering

Chairman of the Board, Ray Alderman, presents a unique view of how embedded companies compete, thrive and die in the COTS market.

One never knows what Ray Alderman is going to say, only that it’s going to be interesting.  As Chairman of the Board of VITA (and former Executive Director), Ray is a colorful character. We caught up with him to discuss a recent white paper he wrote entitled: “RAW – How This Embedded Board and Systems Business Works.” We posed a series of questions to Ray about his musings; edited excerpts follow.

Chris “C2” Ciufo: Ray, you reference the Boston Consulting Group matrix that places companies in four quadrants, arguing that most of the companies in our embedded COTS industry are Low Volume (LV)/High Margin (HM) “Niche” players. The place not to be is the LV/LM “Graveyard”—right where technologies like ISA, S-100, Multibus and PCI Gen 2 are. But…PCI Express?

RayAldermanRay Alderman: I was careful to say “PCI Express Gen 2.” That’s because Gen 3 is on our doorstep, and then there will be Gen 4, and so on. Gen 2 will be EOL [end of life] before too long. The niche players in our market—all embedded boards, not just VME/VPX—rarely take leadership in mainstream technology. That position is reserved for the four companies that control 75% of the commercial embedded market segment, or $1.5 billion. They are ADLINK, Advantech, congatec, and Kontron: these guys get the inside track with technology innovators like Intel and Nvidia; they’ll have PCIe Gen 4 product ready to ship before the niche players even have the advanced specs. Everyone else has to find other ways to compete.

C2: You said that “in the history of this industry, no company has ever reached $1 billion in sales” because as the volumes go up, customers shift to contract manufacturers to lower their prices. Only three companies ever came close to the HV/LM quadrant. Who were they?

Ray: Advantech, Kontron and Motorola Computer Group (MCG). MCG, you’ll recall, was amalgamated with Force when sold by Solectron, and then morphed into Emerson Computer Group. MCG damn near ruled the VME business back then, but as my model points out—it was unsustainable. Advantech and Kontron are still around, although Kontron is going through some—ahem!—realignment right now. My model and predictions still hold true.

C2: What’s causing this growth-to-bust cycle in the embedded market? Not all markets experience this kind of bell curve: many keep rising beyond our event horizon.

Ray: Since about 1989, the companies that had to sell out or went out of business made one of two basic mistakes: (1) they entered into a commodity market and could not drive their costs down fast enough, or (2) they entered a niche market with a commodity strategy and the volumes never materialized.

I’ve been saying this for a while—it’s practically “Alderman’s Law”—but our military embedded board and system merchant market (all form factors) is about $1.2 billion. The cat litter market in the U.S. is about $1.8 billion, and their product is infinitely less complicated.

C2: Wait—are you really comparing kitty litter to embedded technology?

Ray: By contrast. Cat litter margins are low, volumes are high and they use a complex distribution system to get the litter to cats. Our margins are high, our volumes are low, and we deal direct with the users. The top three companies in the military segment—Abaco [formerly GE Intelligent Platforms], Curtiss-Wright Defense Solutions and Mercury—total up to about $750 million. They’re around $200 million each. They add intellectual value and enjoy high GPM [gross profit margin].

On the other hand, the commercial embedded board market for telecom, industrial, commercial and transportation totals to about $2.0 billion. Using kitty logic, the dry cat food market in the U.S. is about $3.8 billion. Their margins are low, volumes are high, and they use a complex distribution system. The players in the commercial board market have low margins, low volumes (compared to other segments), and sell directly to end users. It’s a terrible place to be. Kitty litter or cat food?

C2: What’s your advice?

Ray: I’m advocating for the military market, where margins are higher. About 61% of the military embedded board/system market is controlled by the three vendors, $750 million. The remaining $450 million (39%) is shared by many small niche vendors: nice, profitable niches. Several smaller companies do $30-50 million in this segment.  In contrast, only four companies control 75% of the commercial embedded boards market, or roughly $1.5 billion. That leaves a mere $500 million (25%) for all of the other smaller companies. Thus there are not many fairly large or profitable niches for these smaller guys—and not many of them do more than $10-15 million. Kitty litter, anyone?

C2: Can you offer some specific advice for board vendors?

Ray: There are only three values you can add to make money in these markets: manufacturing value, service value, and intellectual value. Adding intellectual value is where you add high-level technical skills that other companies do not have. Examples: high speed A-to-D boards where companies like Mercury and Pentek live. You can also add DSPs with unique IP inside. Again, Mercury and Pentek come to mind. In fact, Mercury (then Mercury Computer Systems) proved this model nicely when they invented the RACEway inter-board link and created ASICs to implement it. If you want to raise your GPM, this is how you do it.

In fact, Mercury is still doing it. They bought Echotek some years ago for their I/O boards and just recently bought three divisions of Microsemi. With this latest acquisition, they gain secure storage memories, crypto IP, and a bunch of RF capabilities to add to their existing RF portfolio. Today, RF technology is “magical” and Mercury will be able to charge accordingly for it to maximize their GPM.  Most of the embedded board military suppliers add their value to the market through intellectual value. It makes the most sense.

C2: Is the recipe for success merely targeting niche markets and adding intellectual value?

Ray: I’ll let you in on a little secret. The margin on boards is much higher than the margin on systems. It’s ironic, because every board guy seems to want to get into the systems business, and there have been lots of M&A [mergers and acquisitions] over the past several years. If you’re going to do systems, you’ve got to raise the price, especially if you’re selling air-cooled [convection] systems. Conduction-cooled systems command a higher price, but they’re harder to design.

You also need to choose the niche carefully, but that goes without saying. If you can add intellectual value to your niche—such as high performance GPGPU processing—you can command higher prices, whether at the board- or systems level.

There are only three ways to be successful in the embedded boards and systems business. Be first, be smarter, or cheat. Let me explain.

Being first is usually relegated to the big guys, like Abaco, Curtiss-Wright, or Mercury. They get access to the latest semiconductor technology, which is a fundamental driver in all of our markets. Examples here would be in-advance knowledge of Intel’s Kaby Lake follow-on to the Skylake Core i7 processor, or Nvidia’s plans for their next GPU. The smaller board vendors won’t get access, so they usually can’t be first.

One other thing, the big guys can also adapt a market to them. That is, they have enough influence that they can actually move an entire market. The smaller guys just have to find other ways.

But they can be smarter. Force Computer couldn’t (at the time) beat Motorola’s Computer Group because Motorola was inventing the 68xxx processors back then. So Force switched to the SPARC processor and built a successful business around it.  In effect, Force adapted to a market that was hungry for processing power—it didn’t have to be 68020 or 68040 processing power. [Editor’s note: in fact, the 68040 wasn’t successful because Motorola themselves introduced their PowerPC processor to the market, which was co-developed with IBM. The market moved away from the 68xxx CISC processor to the PPC60x RISC processor; the rest is “history.”]

C2: And lastly, how should companies “cheat” to win?

Ray: It’s hard to cheat in the open market, against big entrenched players. The best way to cheat is to fragment an existing market. Sun Tzu called this the “Divisional” strategy. Companies can create a niche such as by creating an open standard for your version of a board or system architecture. Creating a niche is like being smarter, but is marketing-based instead of being engineering-based.

At VITA/VSO, the policies and procedures allow any company, along with two other sponsors, to write a new standard without interference. There are countless examples of this within VITA, and many of these “fragmented niches” have become successful standards that we use today, including FMC, PMC, and XMC [mezzanine cards]. Older standards like Greenspring [mezzanine modules] were successful but now mostly obsolete. There are other new standards such as the three for rugged small form factors [VITA 73, 74, 75]. And the various OpenVPX profiles are other examples, such as new “Space VPX” and “Space VPX Lite”.

C2: Any last thoughts?

Ray: As Albert Einstein once said, “We cannot solve problems by using the same kind of thinking we used when we created them.” My point: look to new architectures beyond von Neumann’s architecture that the semiconductor guys keep forcing on us. Consider fiber interconnects as a way to get off the copper-trace technology curve. Create a niche—“cheat” if you have to. Just don’t end up following a kitty litter business strategy, else you’ll be taken out with the trash.

How Does One “Zeroize” Flash Devices?

By Chris A. Ciufo, Editor Embedded Systems Engineering

Editor’s Note: This is Part 1 of a two-part article on the topic of securely erasing data in flash devices such as memories and SSDs. In Part 2, I examine the built-in flash secure erase feature intended to eradicate sensitive data and see if it meets DoD and NIST specifications.

I was recently asked the question of how to go about “zeroizing” flash memory and SSDs. I had incorrectly assumed there was a single government specification that clearly spelled out the procedure(s). Here’s what several hours of research revealed:

DoD has no current spec that I could find besides DoD 5220.22-M “National Industrial Security Program[1]. This 2006 document prefaced by the Under Secretary of Defense cancels a previous 1995 recommendation and discusses some pretty specific procedures for handling classified information. After all, the only reason to sanitize or zeroize flash memory is to eradicate classified information like data, crypto keys, or operating programs (software). The document makes reference to media—including removable media (presumably discs, CDs and USB drives at that time)—and the need to sanitize classified data. However, I was unable to identify a procedure for sanitizing the media.

There is, however, a reference to NIST document 800-88Guidelines for Media Sanitization” published in DRAFT form in 2012. A long document that goes into extensive detail on types of media and the human chain of command on handling classified data, Appendix A provides lengthy tables on how to sanitize different media. Table A-8 deals with flash memory and lists the following steps (Figure 1):

-       Clear: 1. Overwrite the data “using organizationally approved and validated overwriting technologies/methods/tools” and at least one pass through by writing zeros into all locations. 2. Leverage the “non-enhanced” ATA Secure Erase feature built into the device, if supported.

-       Purge: 1. Use the ATA sanitize command via a) block erase and b) Cryptographic Erase (aka “sanitize crypto scramble”). One can optionally apply the block erase command after the sanitize command. 2. Apply ATA Secure Erase command, but the built-in (if available) sanitize command is preferred. 3. Use the “Cryptographic Erase through TCG Opal SSC or Enterprise SSC”—which relies on media (drives, including SSDs) that use the FIPS 140-2 self-encrypting feature.

-       Shred, Disintegrate, Pulverize, or Incinerate the device. This literally means mechanically destroy the media such that if any 1’s and 0’s remain on the floating transistor gates, it’s not possible to reconstruct these bits into useful data.

Figure 1: Recommended ways to sanitize flash media per NIST 800-88 DRAFT Rev 1 (2012).

Figure 1: Recommended ways to sanitize flash media per NIST 800-88 DRAFT Rev 1 (2012).

Of note in the NIST document is a footnote that states that Clear and Purge must each be verified. Crypto Erase only needs verification if performed prior to a Clear or Purge. In all of these cases, all procedures except for mechanical eradication rely on mechanisms built into the drive/media by the manufacturer. There is some question if this is as secure as intended and the NSA—America’s gold standard for all things crypto—has only one recommended procedure.

The NSA only allows strong encryption or mechanical shredding, as specified in “NSA/CSS Storage Device Sanitization Manual.” This 2009 document is now a bit difficult to find, perhaps because the NSA is constantly revising its Information Assurance (IA) recommendations to the changing cyberspace threats due to information warfare. Visiting the NSA website on IA requires a DoD PKI certificate per TLS 1.2 and a “current DoD Root and Intermediate Certificate Authorities (CA) loaded” into a browser. Clearly the NSA follows its own recommendations.

The manual is interesting reading in that one has only the choice to cryptographically protect the data (and the keys) and hence not worry about sanitization. Or, one can render the media (drive) completely unrecognizable with zero probability of any data remaining. By “unrecognizable,” think of an industrial shredder or an iron ore blast furnace. When it’s done, there’s nothing remaining.

Recent discussions with government users on this topic reminded me of the Hainan Island Incident in 2001 where a Chinese fighter jet attempting an intercept collided with a US Navy EP-3 SIGINT aircraft. The EP-3 was forced to make an emergency landing on China-controlled Hainan, giving unauthorized access to classified US equipment, data, algorithms and crypto keys (Figure 2). It was a harrowing experience, sadly causing the death of the Chinese pilot and the near-fatalities of the 24 Navy crew.

The crew had 26 minutes to destroy sensitive equipment and data while in the air using a fire axe, hot coffee and other methods, plus another 15 minutes on the ground, but it was widely reported to be only partially successful. While this sounds far-fetched, the topic of sanitizing data is so critical—yet so unresolved, as described above—that allegedly some current-generation equipment includes a visible “Red X” indicating exactly where an operator is to aim a bullet as a last ditch effort to mechanically sanitize equipment.

Figure 2: US Navy EP-3 SIGINT plane damaged in 2001 by collision with Chinese fighter jet. The crew did only a partial sanitization of data. (Image courtesy of Wikipedia.org and provided by Lockheed Martin Aeronautics.)

Figure 2: US Navy EP-3 SIGINT plane damaged in 2001 by collision with Chinese fighter jet. The crew did only a partial sanitization of data. (Image courtesy of Wikipedia.org and provided by Lockheed Martin Aeronautics.)

From Pulverize to Zeroize

There’s a lot of room between the DoD’s wish to have classified data and programs zeroized and the NSA’s recommendation to pulverize. The middle ground is the NIST spec listed above that relies heavily on flash memory manufacturer’s built-in secure erase options. While there are COTS recommendations for secure erase, they are driven not from a military standpoint but from the need to protect laptop information, Sarbanes-Oxley (corporate) legislation, health records per HIPAA, and financial data.

In Part 2 of this article, I’ll examine some of the COTS specifications built into ATA standards (such as Secure Erase), recommendations presented at Flash Memory Summit meetings, and raise the question of just how much trust one can place in these specifications that are essentially self-certified by the flash memory manufacturers.


[1] Previously, DoD relied on NISPOM 8-306; NSA had NSA 130-2 and NSA 9-12; Air Force had AFSSI-5020; Army had AR 380-19; and Navy had NAVSO P-5239-26. These all appear to be out of date and possibly superseded by the latest 5220.22-M. As a civilian, it’s unclear to me—perhaps a reader can shed some light?

AMD Targets Embedded Graphics

As the PC market flounders, AMD continues focus on embedded, this time with three (3) new GPU families.

The widescreen LCD digital sign at my doctor’s office tells me today’s date, that it’s flu season, and that various health maintenance clinics are available if only I’d sign up. I feel guilty every time.

An electronic digital sign, mostly text based. (Courtesy: Wikimedia Commons.)

An electronic digital sign, mostly text based. (Courtesy: Wikimedia Commons.)

These kind of static, text-only displays are not the kind of digital sign that GPU powerhouses like AMD are targeting. Microsoft Windows-based text running in an endless loop requires no graphics or imaging horsepower at all.

Instead, high performance is captured in those Minority Report multimedia messages that move with you across multiple screens down a hallway; the immersive Vegas-style electronic gaming machines that attract senior citizens like moths to a flame; and the portable ultrasound machine that gives a nervous mother the first images of her baby in HD. These are the kinds of embedded systems that need high-performance graphics, imaging, and encode/decode hardware.

AMD announced three new embedded graphics families, spanning low power (4 displays) ranging up to 6 displays and 1.5 TFLOPs of number crunching for high-end GPU graphics processing.

AMD announced three new embedded graphics families, spanning low power (4 displays) ranging up to 6 displays and 1.5 TFLOPs of number crunching for high-end GPU graphics processing.

Advanced Micro Devices wants you to think of their GPUs for your next embedded system.

AMD just announced a collection of three new embedded graphics processor families using 28nm process technology designed to span the gamut from multi-display and low power all the way up to a near doubling of performance at the high end.  Within each new family, AMD is looking to differentiate from the competition at both the chip- and module/board-level. Competition comes mostly from Nvidia discrete GPUs, although some Intel processors and ARM-based SoCs cross paths with AMD. As well, AMD is pushing its roadmap quickly away from previous generation 40nm GPU devices.

Comparison between AMD 40nm and 28nm embedded GPUs.

Comparison between AMD 40nm and 28nm embedded GPUs.

A Word about Form Factors

Sure, AMD’s got PC-card plug-in boards in PCI Express format—long ones, short ones, and ones with big honking heat sinks and fans and plenty of I/O connections. AMD’s high-end embedded GPUs like the new E8870 Series are available on PCIe and boast up to 1500 GFLOPs (single precision) and 12 Compute Units. They’ll drive up to 6 displays and burn up to 75W of power without an on-board fan, yet since they’re on AMD’s embedded roadmap—they’ll be around for 5 years.

An MXM (Mobile PCIe Module) format PCB containing AMD’s mid-grade E8950 GPU.

An MXM (Mobile PCIe Module) format PCB containing AMD’s mid-grade E8950 GPU.

Compared to AMD’s previous embedded E8860 Series, the E8870 has 97% more 3DMark 11 performance when running from 4GB of onboard memory. Interestingly, besides the PCIe version—which might only be considered truly “embedded” when plugged into a panel PC or thin client machine—AMD also supports the MXM format.  The E8870 will be available on the Type B Mobile PCI Express Module (MXM) that’s a mere 82mm x 105mm and complete with memory, GPU, and ancillary ICs.

Middle of the Road

For more of a true embedded experience, AMD’s E8950MXM still drives 6 displays and works with AMD’s EyeFinity capability of stitching multiple displays together in Jumbotron fashion. Yet the 3000 GFLOPs (yes, that’s 3000 GFLOPs peak, single precision) little guy still has 32 Compute Units, 8 GB of GPU memory, and is optimized for 4K (UHD) code/decoding. If embedded 4K displays are your thing, this is the GPU you need.

Hardly middle of the road, right? Depending upon the SKU, this family can burn up to 95W and is available exclusively on one of those MXM modules described above. In embedded version, the E8950 is available for 3 years (oddly, two fewer than the others).

Low Power, No Compromises

Yet not every immersive digital sign, MRI machine, or arcade console needs balls-to-the-wall graphics rendering and 6 displays. For this reason, AMD’s E6465 series focuses on low power and small form factor (SFF) footprint. Able to drive 4 displays and having a humble 2 Compute Units, the series still boasts 192 GFLOPs (single precision), 2 GB of GPU memory, 5 years of embedded life, but consumes a mere 20W.

The E6465 is available in PCIe, MXM (the smaller Type A size at 82mm x 70mm), and a multichip module. The MCM format really looks embedded, with the GPU and memory all soldered on the same MCM substrate for easier design-in onto SFFs and other board-level systems.

More Than Meets the Eye

While AMD is announcing three new embedded GPU families, it’s easy to think the story stops with the GPU itself. It doesn’t. AMD doesn’t get nearly enough recognition for the suite of graphics, imaging, and heterogeneous processing software available for these devices.

For example, in mil/aero avionics systems AMD has a few design wins in glass cockpits such as with Airbus. Some legacy mil displays don’t always follow standard refresh timing, so the new embedded GPU products support custom timing parameters. Clocks like Timing Standard, Front Porch, Refresh Rate and even Pixel Clocks are programmable—ideal for the occasional non-standard military glass cockpit.

AMD is also a strong supporter of OpenCL and OpenGL—programming and graphics languages that ease programmers’ coding efforts. They also lend themselves to creating DO-254 (hardware) and DO-178C (software) certifiable systems, such as those found in Airbus military airframes. Airbus Defence has selected AMD graphics processors for next-gen avionics displays.

Avionics glass cockpits, like this one from Airbus, are prime targets for high-end embedded graphics. AMD has a design win in one of Airbus' systems.

Avionics glass cockpits, like this one from Airbus, are prime targets for high-end embedded graphics. AMD has a design win in one of Airbus’ systems.

Finally, AMD is the founding member of the HSA Foundation, an organization that has released heterogeneous system standard (HSA) version 1.0, also designed to make programmers’ jobs way easier when using multiple dissimilar “compute engines” in the same system. Companies like ARM, Imagination, MediaTek and others are HSA Foundation supporters.

 

 

AMD on a Design Win Roll: GE and Samsung, Recent Examples

AMD is announcing several design wins per week as second-gen APUs show promise.

Note: AMD is a sponsor of this blog.

I follow many companies on Twitter, but lately it’s AMD that’s tweeting the loudest with weekly design wins. The company’s APUs—accelerated processing units—seem to be gaining traction in systems where PC functionality with game-like  graphics is critical. Core to both of these—pun intended!—is the x86 ISA with its PC compatibility and rich software ecosystem.

Here’s a look at two of AMD’s recent design wins, one for an R-Series and the other for the all-in-one G-Series APU.

Samsung’s “set-back box” adds high-res graphics and PC functions to their digital signage displays. (Courtesy: Samsung.)

Samsung’s “set-back box” adds high-res graphics and PC functions to their digital signage displays. (Courtesy: Samsung.)

Samsung Digital Signs on to AMD

In April Samsung and AMD announced that AMD’s second-gen embedded R-Series APU, previously codenamed “Bald Eagle” is powering Samsung’s latest set-back box (SBB) digital media players. I had no idea what a set-back box is until I looked it up.

Turns out it’s a slim embedded “pizza box” computer 310mm x 219mm x 32mm (12.2in x 8.6in x 1.3in) that’s inserted into the back (“set-back”) of a Samsung Large Format Display (LFD). These industrial-grade LFDs range in size from 32in to 82in and are used in digital signage applications.

Samsung LFDs (large format displays) use AMD R-Series APUs for flexible display features, like sending content to multiple displays via a network. (Courtesy: Samsung.)

Samsung LFDs (large format displays) use AMD R-Series APUs for flexible display features, like sending content to multiple displays via a network. (Courtesy: Samsung.)

What makes them so compelling is the reason they chose AMD’s R-Series APU. The SBB is a complete networked PC, alleviating the need for a separate box; they’re remotely controlled by Samsung’s MagicInfo software that allows up to 192 displays to be linked with same- or stitched-display information.

That is, one can build a video wall where the image is split across the displays—relying on AMD’s EyeFinity graphics feature—or content can be streamed across networked displays depending upon the retailer’s desired effect. Key to Samsung’s selling differentiation is remote management, RS232 control, and network-based self-diagnostics and active alert notification of problems.

Samsung is using the RX-425BB APU with integrated AMD Radeon R6 GPU. Per the datasheet, this version has a 35W TDP, 4 x86 cores and 6 GPU cores @ 654 MHz, is based on AMD’s latest “Steamroller” 64-bit CPU and Embedded Radeon E8860 discrete GPU. Each R-Series APU can drive four 3D, 4K, or HD displays (up to 4096 x 2160 pixels) while running DirectX 11.1, OpenGL 2.4 and AMD’s Mantle gaming SDK.

As neat as all of this is—it’s a super high-end embedded LAN-party “gaming” PC system, afterall—it’s the support for the latest HSA Foundation specs that makes the R-Series (and companion G-Series SOC) equally compelling for deeply embedded applications.  HSA allows mixed CPU and GPU computation which is especially useful in industrial control with its combination of general purpose, machine control, and display requirements.

GE Chooses AMD SOC for SFF

The second design win for AMD was back in February and it wasn’t broadcast widely: I stumbled across it while working on a sponsored piece for GE Intelligent Platforms (Disclosure: GE-IP is a sponsor of this blog.)

The AMD G-Series is now a monolithic, single-chip SOC that combines x86 CPU and Radeon graphics. (Courtesy: GE; YouTube.)

The AMD G-Series is now a monolithic, single-chip SOC that combines x86 CPU and Radeon graphics. (Courtesy: GE; YouTube.)

Used in a rugged, COM Express industrial controller, the AMD G-Series SOC met GE’s needs for low power and all-in-one processing, said Tommy Swigart, Global Product Manager at GE Intelligent Platforms. The “Jaguar” core in the SOC can sip as little as 5W TDP, yet still offers 3x PCIe, 2x GigE, 4x serial, plus HD audio and video, 10 USB (including 2x USB 3.0) and 2 SATA interfaces. What a Swiss Army knife of capability it is.

GE chose AMD’s G-Series APU for a rugged COM Express module for use in GE’s Industrial Internet. (Courtesy: GE Intelligent Platforms, YouTube.)

GE chose AMD’s G-Series APU for a rugged COM Express module for use in GE’s Industrial Internet. (Courtesy: GE Intelligent Platforms, YouTube.)

GE’s going all-in with the GE Industrial Internet, the company’s version of the IoT. Since the company is so diversified, GE can wring cost efficiencies for its customers by predicting aircraft maintenance, reducing energy in office HVAC installations, and interconnecting telemetry from locomotives to reduce track traffic and downtime. AMD’s G-Series APU brings computation, graphics, and bundles of I/O in a single-chip SOC—ideal for use in GE’s rugged SFF.

GE’s Industrial Internet runs on AMD’s G-Series APU. (Courtesy: GE; YouTube.)

GE’s Industrial Internet runs on AMD’s G-Series APU. (Courtesy: GE; YouTube.)

 

CES Turns VPX Upside Down Using COM

Instead of putting I/O on a mezzanine, the processor is on the mezzanine and VPX is the I/O baseboard.

[ UPDATE: 19:00 hr 24 Apr 2015. Changed the interviewee's name to Wayne McGee, not Wayne Fisher. These gentlemen know each other, and Mr. McGee thankfully was polite about my misnomer. A thousand pardons! Also clarified that the ROCK-3x was previously announced. C. Ciufo ]

The computer-on-module (COM) approach puts the seldom-changing I/O on the base card and mounts the processor on a mezzanine board. The thinking is that processors change every few years (faster, more memory, from Intel to AMD to ARM, for example) but a system’s I/O remains stable for the life of the platform.

COM is common (no pun) in PICMG standards like COM Express, SGET standards like Q7 or SMARC, and PC/104 Consortium standards like PC/104 and EBX.

But to my knowledge, the COM concept has never been applied to VME or VPX. With these, the I/O is on the mezzanine “daughter board” while the CPU subsystem is on the base “mother board”.Pull quote

Until now.

Creative Electronic Solutions—CES—has plans to extend its product line into more 3U OpenVPX I/O carrier boards onto which are added “processor XMC” mezzanines. An example is the newer AVIO-2353 with VPX PCIe bus—meaning it plugs into a 3U VPX chassis and acts as a regular VPX I/O LRU.  By itself, it has MIL-STD-1553, ARINC-429, RS232/422/485, GPIO, and other avionics-grade goodies.

The CES ROCK-3210 VNX small form factor avionics chassis.

The CES ROCK-3210 VNX small form factor avionics chassis.

But there’s an XMC site for adding the processor, such as the company’s MFCC-8557 XMC board that uses a Freescale P3041 quad-core Power Architecture CPU. If you’re following this argument, the 3U VPX baseboard has all the I/O, while the XMC mezzanine holds the system CPU. This is a traditional COM stack, but it’s unusual to find it within the VME/VPX ecosystem.

“This is all part of CES’s focus on SWAP, high-rel, and safety-critical ground-up design,” said Wayne McGee, head of CES North America. The company is in the midst of rebranding itself and the shiny new website found at www.ces-swap.com makes their intentions known.

CES has been around since 1981 and serves high-rel platforms like the super-collider at CERN, the Predator UAV, and various Airbus airframes. The emphasis has been on mission- and safety-critical LRUs and systems “Designed for Safety” to achieve DAL-C under DO-178B/C and DO-254.

“We’ll be announcing three new products at AUVSI this year,” McGee told me, “and you can expect to see more COM-style VPX/XMC combinations with some of the latest processors.” Also to be announced will be extensions to the company’s complete VNX small form factor (SFF) chassis systems, such as a new version of the rugged open computer kit (ROCK-3x)—previously announced in February at Embedded World.

CES is new to me, and it’s great to see some different-from-the-pack innovation from an old-school company that clearly has new-school ideas. We’ll be watching closely for more ROCK and COM announcements, but still targeting small, deployable safety-certifiable systems.

Can industrial imaging software benefit military SIGINT analysis?

Software creates a height map from a 2D image.

Software creates a height map from a 2D image.

I received a press release today from Olympus Industrial Equipment Group (the camera guys) about an update to their image analysis software used with industrial microscopes. Who knew Olympus made microscopes? This is not normally my area of expertise.

However…the Olympus Stream image enhancement software has some pretty awesome capabilities that make me wonder if this COTS software could be used (or adapted) to work in military/aerospace signals intelligence (SIGINT) or reconnaissance imagery analysis. After all, the key part of C4ISR is not capturing the (image) data, it’s analyzing the images to make meaningful decisions. For instance: was there a truck parked there yesterday? Has that patch of grass been matted down by a vehicle or group of humans?

As well, images often need to be enhanced due to poor lighting, dust or fog obfuscation, and finely measuring distances would be handy too.

HDR image enhancement in the Olympus Stream microscope software might benefit military image analysts. Note how this sample looks like a satellite image of a  plot of land.

HDR image enhancement in the Olympus Stream microscope software might benefit military image analysts. Note how this sample looks like a satellite image of a plot of land. (Courtesy: Olympus; YouTube.)

The 1.9 version of the Stream software adds these features: Automatic Measurement and Coating Thickness. “Automatic Measurement allows the creation of complex measurements using scanners by automatic detection of material edges and pattern recognition. This materials solution automatically measures distances, circle diameters, and angles between two lines. Automatic Measurement also supports the multiple stage location and sample alignment with OLYMPUS Stream Motion.”

A full-on (top-down) view of a sample. Image that this object is an enemy bunker.

A full-on (top-down) view of a sample. Image that this object is an enemy bunker. (Courtesy: Olympus.)

Now forget about the fact that someone is analyzing a hunk of metal covered with scratches that gouge hills and valleys out of the surface. Couldn’t this be an image of an earthscape with real hills and valleys? Might we want to measure the distance between some of these surface features? The software can also digitally adjust focus, change and enhance details in the image, and create 3D images using z-axis slices from the original image.

Image enhancement and 3D rendering from a 2D view and z-axis sensor slices.

Image enhancement and 3D rendering from a 2D view and z-axis sensor slices. (Courtesy: Olympus.)

To me, this COTS software has many features that U.S. DoD and CIA analysts need when analyzing recon images. I wonder if it could be used not in microscopes, but it tactical military scenarios.

 

AMD’s Single Chip Embedded SoC: Upward and to the Right

Monolithic AMD embedded G Series SoCs combine x86 multicore, Radeon graphics, and a Southbridge. It’s one-stop-shopping, and it’s a flood targeting Intel again.

AMD arrow logoThe little arrow-like “a” AMD logo once represented an “upward and to right” growth strategy, back in the 1980s as the company was striving for $1.0B and I worked there just out of university.

In 2013, AMD is focusing on the embedded market with a vengeance and it’s “upward and to the right” again. The stated target is for AMD to grow embedded revenues from 5% in Q3 2012 to 20% of the total by Q4 2013. Wow. I’m excited about the company’s prospects, though I know they’ve had decades of false starts or technology successes that were later to sold off in favor of their personal war with Intel for PC dominance. (Flash memories and Vantis? The first DSP telephone modem Am7910? Telecom line cards? Alchemy “StrongMIPS”? All gone.)

Know what? PCs are in the tank right now, embedded is the market, and AMD might just be better positioned than Intel. They’re certainly saying all the right things. Take this week’s DESIGN West announcement of the new embedded G Series “SoCs”. Two years ago AMD invented the term Accelerated Processing Unit (APU) as a differentiated x86 CPU with an ATI GPU.

An AMD Accelerated Processing Unit merges a multicore x86 CPU with a Radeon GPU.

An AMD Accelerated Processing Unit merges a multicore x86 CPU with a Radeon GPU.

This week’s news is how the APU mind-melds with all of the traditional x86 Southbridge I/O to become a System-on-Chip (SoC).

The AMD G Series “SoC” does more real estate slight-of-hand by eliminating the Southbridge to bring all peripherals on-board the APU.

The AMD G Series “SoC” does more real estate slight-of-hand by eliminating the Southbridge to bring all peripherals on-board the APU.

The G Series SoCs meld AMD’s latest 28 nm quad-core “Jaguar” with the ATI Radeon 8000 series GPU and claim a 113 percent CPU and 20 percent GPU performance jump. More importantly, the single-chip SoC concept reduces footprint by 33 percent by eliminating a whole IC. On-board peripherals are HDMI/DVI/LVDS/VGA, PCIe, USB 2.0/3.0, SATA 2.x/3.x, SPI, SD card reader interface, and more. You know, the kind of stuff you’d expect in an all-in-one.

Available in 2- and 4-core flavors, the G Series SoC saves up to 33% board real estate, and even drives dual displays and high-res.

Available in 2- and 4-core flavors, the G Series SoC saves up to 33% board real estate, and even drives dual displays and high-res.

AMD is clearly setting their sites on embedded, and Intel is once again in the crosshairs. The company claims a 3x (218 percent) overall performance advantage with the GX-415GA SKU (quad core, 1.5 GHz, 2 MB L2) over Intel’s Atom D525 running Sandra Engineering 2011 Dhrystone ALU, Sandra Engineering 2011 Whetstone iSSE3, and other benchmarks such as those from EEMBC. Although AMD’s talking trash about the Atom, they’re disclosing all of their benchmarks, the hardware they were run on, and the OS assumptions. (The only thing that maybe seems hinky to me is that the respective motherboards use 4 GB DRAM (AMD) versus 1 GB DRAM (Intel).)

AMD CPU performance graph 1

And then there’s the built-in ECC which targets critical applications such as military, medical, financial, and casino gaming. The single-chip SoC is also designed ground-up to run -40 to +85C (operation) and will fit the bill in many rugged, defense, and medical applications requiring really good horsepower and graphics performance. Fan-less designs are the sweet spot with a 9W to 25W TDP, with all I/O’s blazing. Your mileage may vary, and AMD claims a much-better-than-Intel Performance-per-Watt number of 19 vs 9 as shown below. There are more family members to follow, some with sub 9W power consumption. Remember, that’s for CPU+GPU+Peripherals combined. Again, read the fine print.

AMD performance per Watt 1

I’m pretty enthused about AMD’s re-entry into the embedded market. Will Intel counter with something similar? Maybe not, but their own ultra low power Atom-based SoCs are winning smartphone designs left and right and have plenty of horsepower to run MPEG4 decode, DRM, and dual screen displays a la Apple’s AirPlay. So it’s game on, boys and girls.

The AMD vs Intel battle has always been good for the entire industry as it has “lifted all boats”. Here’s to a flood of new devices in embedded.

 

 

Getting a bead on the bad guys: COTS-based soft information fusion merges military C4ISR data with web and other sources

A military analyst or command and control operator could soon get much better INTEL by combining military data with information from the web.

Bottom Line: I’m unaware of anyone else yet offering a COTS sensor fusion product that combines hard and soft information sources to take advantage of Internet intelligence.

[Update 4:45pm PDT 19Mar13: corrections from "data" to information; added explanation on API and MSCT output; corrected GMTI from plots to tracks.]

Cope Tiger 13

(Courtesy: US Air Force.)

Picture this scenario: a BDU khaki-uniformed DoD analyst is staring at multiple screens of intelligence (INTEL) data and images pertaining to an unmarked ship off the coast of some unnamed country. The ship’s actions have been odd, and the Coast Guard had been tracking it for some time until it went into international waters. New satellite images now show the ship at anchor in a different location than yesterday. What’s it doing there? Are the ship’s intentions nefarious? Who is aboard, and what cargo is aboard?

This kind of scenario vexes joint military forces, Homeland Security, and myriad three-letter agencies.

The challenge for any analyst is to make decisions based upon actionable intelligence by combining every scrap of information into a situational awareness picture that maximizes what the human does best: make a decision or recommendation.  The problem with data for DoD and CIA analysts is there’s either not enough of it, or there’s too much. It’s hard to make a decision with limited information; and it’s too time consuming to dedicate an analyst’s time to culling through SAR images, GMTI (ground moving target indicator) tracks, satellite photos, transcribed radio chatter, action reports, and so on.

As well, decisions are made using more than mere “data”. Sophisticated or low-level sensor outputs are “data” (such as L0/L1 trackers), but other non-traditional asymmetric information not currently in a structured data set might also be relevant and useful to an analyst’s task.

Larus Technologies aims to change all of that with the announcement of their high level information fusion engine (HLIFE) that melds a “collection of commercially available embedded software modules for C4ISR and Security systems” into an information fusion model. Based on the company’s patent-pending adaptive behavioral learning and predictive modeling algorithms, multiple sensing modalities can now be combined together to provide a more complete C4ISR and INTEL picture for analysts.

Larus Technologies' COTS sensor fusion product uses proprietary algorithms to fuse hard military data with soft, unstructured data like web pages or civilian data bases.

Larus Technologies’ COTS sensor fusion product uses proprietary algorithms to fuse hard military data with soft, unstructured data like web pages or civilian data bases.

But the company’s product is not just one Big Data MUX.  Instead, it intelligently combines a mixture of DoD, government and other “hard” and structured data sources with “soft” unstructured sources such as weather reports, search and rescue operator reports, human intelligence (HUMINT), flight schedules, web sites, and myriad other web-based information.

The company’s Total::Insight product is a commercial solution that can immediately leverage high level information fusion and computation intelligence based upon the DoD’s Joint Director of Labs (JDL) data fusion Model. The software performs behavior analysis through predictive modeling, and is “capable of dealing with heterogeneous (multi-source, multi-sensor) data.” The HLIF engine fuses: anomaly detection, trajectory prediction, intent assessment, threat assessment, adaptive learning (situational and procedural). Details on these algorithm components can be found in their white paper “Total Maritime Domain Awareness“, which requires registraion.

This company is new to me, but the concept of offloading an operator/analyst by providing more upstream intelligence is not. Raytheon’s multi-source correlator tracker (MSCT) does something similar with military data sources such as tactical sensors. In contrast, Larus says that they are a neutral COTS vendor that can take output from products like MSCT as well as provide an API so customers can “direct the output (i.e. alerts, warnings, suggested actions) out to their favorite command and control systems.”

Still, I’m unaware of anyone yet offering a COTS product that combines hard and soft data–rather, information–sources to take advantage of Internet-based intelligence. I’ll be watching Larus Technologies; you should too.

Rugged Shoebox Computers Still Popular; GE does an about “FACE”

Hint: Bottom line? US Army realizes h/w changes faster than s/w, so FACE tries to make software portable by defining standard interfaces. This may be bad for the h/w vendors, though, as it cuts both ways.

 

GE Intelligent Platforms has introduced a rugged “shoebox” computer for mil systems called the FACEREF1. I’m scratching my head over the wisdom of the name, but it stands for Future Airborne Capability Environment and is based upon the FACE Consortium’s specs for an open reference architecture. A sub-group of the Open Group (actually “Open Group Managed Consortium”), the FACE Consortium “provides a vendor neutral forum” where industry and government work together to develop best practices and open standards for avionics. (Note to self: Isn’t that what PICMG and VITA do?)

This isn’t the first time GE has developed a rugged shoebox. Back in 2005, SBS Technologies – later acquired by GE if memory serves – rolled out the Rugged Operation Computer (ROC) shown in Figure 1. Launched at AUSA DC in 2005, this 5.75 pound “palm-sized” rugged shoebox was really unique in its day because it bucked the trend of sticking 6U VME cards in ATR boxes. Then about the smallest you could deploy using rugged COTS was a 1/2 ATR (short) whereas the ROC measured 3.5  (H) x 4.2 (D) x 6.8 (W).

Figure 1: The SBS Technologies ROC was among the first COTS rugged shoeboxes, weighing a mere 5.75 pounds in 2006 and was equipped with either a Pentium M or PowerPC CPU in 2006.

That’s roughly one quarter the size of the equivalent VME ATR box. ROC also used proprietary cards inside, though an industry standard PMC card was a factory option. While companies like Dy4, Radstone, Curtiss-Wright and others were relying exclusively on open standards, SBS realized the value was at the system or box level, not the card. Why not put whatever worked inside?  This theory is common today, but not seven years ago.

In 2011, GE also introduced a similar rugged shoebox family – the CRS-C2P-3CC1 and CRS-C3P-3CB1 (what’s with the names, guys?) which this time were based upon standards: 3U CompactPCI from PICMG (Figure 2). They also ran Freescale PowerPCs with a Wind River operating system.

 

Figure 2: GE’s 3U CompactPCI CRS-C2P-xxx and -C3P-xxx were 2- and 3-slot open standard-based rugged shoeboxes. They were introduced in 2011.

Today’s FACEREF1 shoebox uses GE’s SBC312 SBC (Freescale P4080 8-core), plus a PMCCG1 graphics PMC (S3 2300E GPU) shown in Figure 3. What makes this shoebox unique isn’t really the card, it’s the software premise behind FACE making GE’s rugged shoebox a software reference platform supported by a Wind River hypervisor, Presagis OpenGL for graphics, and the venerable VAPS XT object-oriented HMI tool from Presagis (formerly Virtual Prototypes, or VPI). FACE is sponsored by the US Army’s PEO Aviation, undoubtedly as a way of abstracting hardware to ensure software portability as COTS technology changes much faster than the certified code running it.

Figure 3: GE’s latest rugged shoebox conforms to Future Airborne Capability Environment (FACE), an open platform that defines software interfaces and emphasizes portability to maximize warfighter value.